diff options
| author | Jochen Neumeister <joneum@FreeBSD.org> | 2018-07-20 14:26:43 +0000 |
|---|---|---|
| committer | Jochen Neumeister <joneum@FreeBSD.org> | 2018-07-20 14:26:43 +0000 |
| commit | d03bccb35a98e753f619dfebcc3c884d7ccfe01e (patch) | |
| tree | 667bb2b0b9e44ac7f12ef1cc53680c20bc56deac /www/apache24 | |
| parent | 6819630a75913c5b15f9552f62e14d5f84c44a8d (diff) | |
| download | ports-d03bccb35a98e753f619dfebcc3c884d7ccfe01e.tar.gz ports-d03bccb35a98e753f619dfebcc3c884d7ccfe01e.zip | |
www/apache24: Update to 2.4.34
- fixes vulns in mod_http2 and mod_md
- include SSL_* options in alphabetic ordering
- Remove unneeded SSL_CFLAGS and _LDFLAGS
- Remove WITH_HTTP_PORT and WITH_SSL_PORT
- Remove trailing whitespace
- Fix build with HTTP2 but without SSL [1]
PR: 229802, 227944 [1]
With hat: apache
Approved by: brnrd (apache)
MFH: 2018Q3
Security: 8b1a50ab-8a8e-11e8-add2-b499baebfeaf
Differential Revision: https://reviews.freebsd.org/D16294
Notes
Notes:
svn path=/head/; revision=475018
Diffstat (limited to 'www/apache24')
| -rw-r--r-- | www/apache24/Makefile | 24 | ||||
| -rw-r--r-- | www/apache24/distinfo | 6 | ||||
| -rw-r--r-- | www/apache24/files/patch-modules_md_md__crypt.c | 26 | ||||
| -rw-r--r-- | www/apache24/pkg-descr | 2 | ||||
| -rw-r--r-- | www/apache24/pkg-message | 1 | ||||
| -rw-r--r-- | www/apache24/pkg-plist | 2 |
6 files changed, 30 insertions, 31 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index 8b0e6c1d8e8c..a07e619b0bab 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.33 -PORTREVISION= 1 +PORTVERSION= 2.4.34 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} @@ -35,9 +34,6 @@ SUB_LIST+= MPMF="000_mpm_prefork_fallback.conf" USERS= www GROUPS= www -WITH_HTTP_PORT?= 80 -WITH_SSL_PORT?= 443 - .include "${.CURDIR}/Makefile.options" .include "${.CURDIR}/Makefile.options.desc" OPTIONS_SUB= yes @@ -67,8 +63,10 @@ MPM_SHARED_SUB_LIST_OFF= MPM_FALLBACK_CHECK="\#" AUTHNZ_LDAP_CONFIGURE_ON= --enable-authnz-ldap BROTLI_CONFIGURE_WITH= brotli=${LOCALBASE} BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli -HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} +HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} \ + --with-ssl=${OPENSSLBASE} HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 +HTTP2_USES= ssl IPV4_MAPPED_CONFIGURE_ENABLE= v4-mapped LDAP_CONFIGURE_ON= --enable-ldap=shared LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit @@ -78,7 +76,7 @@ LUA_CONFIGURE_WITH= lua=${LOCALBASE} LUA_USES= lua MD_CONFIGURE_ON= --with-curl=${LOCALBASE} \ --with-jansson=${LOCALBASE} \ - --with-openssl=${OPENSSLBASE} + --with-ssl=${OPENSSLBASE} MD_LIB_DEPENDS= libcurl.so:ftp/curl \ libjansson.so:devel/jansson MD_USES= ssl @@ -87,14 +85,11 @@ PROXY_HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} PROXY_HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 SOCACHE_DC_CONFIGURE_ON= --with-distcache=${LOCALBASE} SOCACHE_DC_LIB_DEPENDS= libdistcache.so:security/distcache -XML2ENC_USE= GNOME=libxml2 - # Note: OpenSSL version (base/ports) depends how devel/apr1 was built # apu-1-config --(includes|ldflags) and apr_rules.mk -SSL_CFLAGS= -I${OPENSSLINC} SSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE} -SSL_LDFLAGS= -L${OPENSSLLIB} SSL_USES= ssl +XML2ENC_USE= GNOME=libxml2 ETC_SUBDIRS= Includes envvars.d extra modules.d @@ -110,9 +105,6 @@ PREFIX_RELDEST= ${PREFIX:S,^${DESTDIR},,} CONFIGURE_ARGS+=--prefix=${PREFIX_RELDEST} \ --enable-layout=FreeBSD \ - --with-port=${WITH_HTTP_PORT} \ - --with-sslport=${WITH_SSL_PORT} \ - --with-expat=${LOCALBASE} \ --enable-http \ --with-pcre=${LOCALBASE} \ --with-apr=${APR_CONFIG} \ @@ -155,7 +147,7 @@ IGNORE= AUTH_BASIC and AUTH_DIGEST need at least one AUTHN provider .endif .if ${PORT_OPTIONS:MAUTH_BASIC} && empty(PORT_OPTIONS:MAUTHZ*) -IGNORE= AUTH_BASIC need at least one AUTHZ provider +IGNORE= AUTH_BASIC needs at least one AUTHZ provider .endif # Non options-NG option handling @@ -165,7 +157,7 @@ CONFIGURE_ARGS+= --with-libxml2=${LOCALBASE}/include/libxml2 CONFIGURE_ARGS+= --without-libxml2 .endif -# WITH_STATIC_SUPPORT, WITH_DEBUG, WITH_EXCEPTION_HOOK +# WITH_STATIC_SUPPORT, WITH_DEBUG, WITH_EXCEPTION_HOOK # Only to be used for special builds .if defined(WITH_STATIC_SUPPORT) CONFIGURE_ARGS+= --enable-static-support diff --git a/www/apache24/distinfo b/www/apache24/distinfo index 0ed95db1b186..df0d8357363b 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1521377807 -SHA256 (apache24/httpd-2.4.33.tar.bz2) = de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 -SIZE (apache24/httpd-2.4.33.tar.bz2) = 6934765 +TIMESTAMP = 1531769087 +SHA256 (apache24/httpd-2.4.34.tar.bz2) = fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0 +SIZE (apache24/httpd-2.4.34.tar.bz2) = 6942969 diff --git a/www/apache24/files/patch-modules_md_md__crypt.c b/www/apache24/files/patch-modules_md_md__crypt.c index 9cc62c8cb750..2fd107698ef9 100644 --- a/www/apache24/files/patch-modules_md_md__crypt.c +++ b/www/apache24/files/patch-modules_md_md__crypt.c @@ -1,11 +1,19 @@ ---- modules/md/md_crypt.c.orig 2018-01-30 10:20:50 UTC +Upstream https://svn.apache.org/viewvc?view=revision&revision=1836096 + +On the 2.4.x branch: + +merge r1836095 from trunk: +* using the, hopefully correct, ever elusive libressl version numbering check + for the new openssl API calls, fixes PR 62548. + +--- modules/md/md_crypt.c.orig 2018-06-29 11:53:50 UTC +++ modules/md/md_crypt.c -@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppk - } - } +@@ -52,7 +52,7 @@ --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) - - #ifndef NID_tlsfeature - #define NID_tlsfeature 1020 + #if defined(LIBRESSL_VERSION_NUMBER) + /* Missing from LibreSSL */ +-#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2080000f) ++#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f) + #else /* defined(LIBRESSL_VERSION_NUMBER) */ + #define MD_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) + #endif diff --git a/www/apache24/pkg-descr b/www/apache24/pkg-descr index 1102fa67e2cb..e26a580d888c 100644 --- a/www/apache24/pkg-descr +++ b/www/apache24/pkg-descr @@ -6,4 +6,4 @@ services in sync with the current HTTP standards. The 2.x branch of Apache Web Server includes several improvements like threading, use of APR, native IPv6 and SSL support, and many more. -WWW: http://httpd.apache.org/ +WWW: https://httpd.apache.org/ diff --git a/www/apache24/pkg-message b/www/apache24/pkg-message index 1e988a89c5f6..b343c0ee81d0 100644 --- a/www/apache24/pkg-message +++ b/www/apache24/pkg-message @@ -20,4 +20,3 @@ Please compare the existing httpd.conf with httpd.conf.sample and merge missing modules/instructions into httpd.conf! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - diff --git a/www/apache24/pkg-plist b/www/apache24/pkg-plist index 5f3201b4809b..fd712fb68f98 100644 --- a/www/apache24/pkg-plist +++ b/www/apache24/pkg-plist @@ -253,7 +253,7 @@ sbin/split-logfile %%DATADIR%%/misc/index.html @postexec [ -f %D/%%WWWDIR%%/data/index.html ] || cp %D/%%DATADIR%%/misc/index.html %D/%%WWWDIR%%/data/index.html @(,,0400) %%WWWDIR%%/cgi-bin/printenv -@comment %%WWWDIR%%/cgi-bin/printenv.vbs +@comment %%WWWDIR%%/cgi-bin/printenv.vbs @comment %%WWWDIR%%/cgi-bin/printenv.wsf @(,,0400) %%WWWDIR%%/cgi-bin/test-cgi %%WWWDIR%%/error/HTTP_BAD_GATEWAY.html.var |